
Postfix virtual users with Dovecot

This is a short tutorial for setting up Postfix with Dovecot authentication and the Dovecot LDA. With the Dovecot LDA you can use sieve scripts for mail filtering and vacation messages.

Postfix Configuration:

First create the vmail user for virtual delivery:

# useradd vmail
# id vmail 
uid=1002(vmail) gid=1003(vmail) grupos=1003(vmail)

We are going to deliver mail for user@domain.com to /var/mail/domain.com/user.
The virtual transport is set to dovecot. virtual_mailbox_domains lists the domains hosted on this server, and virtual_mailbox_maps is the lookup table of valid mailboxes on the server.

main.cf

# delivery
virtual_mailbox_domains = domain1.com, domain2.com
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
mail_spool_directory = /var/mail
virtual_mailbox_base = /var/mail
mailbox_size_limit = 0
recipient_delimiter = +
virtual_minimum_uid = 100
virtual_alias_maps = hash:/etc/postfix/virtual_alias
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox

/etc/postfix/virtual_alias

postmaster@domain1.com	postmaster@otherdomain.com
postmaster@domain2.com	postmaster@otherdomain.com

Rebuild table with:

# postmap /etc/postfix/virtual_alias

/etc/postfix/virtual_mailbox
This file only lists the mailboxes that are accepted for local delivery.

user1@domain1.com  OK
user2@domain1.com  OK
user1@domain2.com  OK
user3@domain2.com  OK

Rebuild table with:

# postmap /etc/postfix/virtual_mailbox

master.cf

In the Postfix master.cf file we configure the submission service to use Dovecot authentication. This way only authenticated users are allowed to relay mail to external domains.

The last line configures Dovecot as the local delivery agent.

submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination

[...]
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

Dovecot configuration:

/etc/dovecot/vusers.conf
We use this file as the users database for authentication. You can also use a MySQL database or LDAP for this, but the simplest way is to use a plain file to store users and their passwords.

info@domain1.com:{SHA256}gSGn1f3fg0lTRDezXhC7uJqp3XapE8uT7W42PKDDLyY=
admin@domain2.com:{SHA256}PtkqLjF6lRo3h6WAQOVbuZQ/2d7hupW5BCv0Vx/q7gY=

To generate the passwords we use the doveadm command.

$ doveadm pw -s sha256
Enter new password: 
Retype new password: 
{SHA256}SKqtTLTAct6agUe7MQDvTgOtYyjtxJWWTQXiATus88w=
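
The {SHA256} entries above are the base64 of a single SHA-256 pass over the password, with no salt. The following audit sketch is an added example, not part of the original tutorial or of Dovecot: it parses entries in the vusers.conf layout, lists users on unsalted schemes and groups users whose stored value is identical. The function names and the sample users and passwords are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

# Dovecot schemes that store a bare digest or cleartext (no salt, no stretching).
UNSALTED = {"PLAIN", "PLAIN-MD5", "SHA", "SHA1", "SHA256", "SHA512"}


def dovecot_sha256(password: str) -> str:
    """Build the {SHA256} form: base64 of one SHA-256 pass over the password."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return "{SHA256}" + base64.b64encode(digest).decode("ascii")


def parse_entry(line: str):
    """Split 'user:{SCHEME}value[:more fields]' into (user, scheme, value)."""
    user, _, rest = line.strip().partition(":")
    stored = rest.split(":", 1)[0]
    if stored.startswith("{") and "}" in stored:
        scheme, _, value = stored[1:].partition("}")
        return user, scheme.upper(), value
    return user, None, stored  # no prefix: the scheme is set elsewhere


def audit(text: str):
    """Return (users on unsalted schemes, groups of users sharing one hash)."""
    weak, by_hash = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        user, scheme, value = parse_entry(line)
        if scheme in UNSALTED:
            weak.append(user)
            by_hash[(scheme, value)].append(user)
    shared = sorted(sorted(users) for users in by_hash.values() if len(users) > 1)
    return weak, shared


# Constructed sample in the vusers.conf layout; users and passwords are made up,
# and the SHA512-CRYPT value is a placeholder, not a real hash.
SAMPLE = "\n".join([
    "alice@domain1.com:" + dovecot_sha256("constructed-pass-1"),
    "bob@domain2.com:" + dovecot_sha256("constructed-pass-1"),
    "carol@domain1.com:" + dovecot_sha256("constructed-pass-2"),
    "dave@domain2.com:{SHA512-CRYPT}$6$constructedsalt$constructedhash",
])

if __name__ == "__main__":
    weak, shared = audit(SAMPLE)
    print("unsalted scheme:", weak)
    print("identical stored hash:", shared)
```

Generating entries with a salted, iterated scheme (for example doveadm pw -s SHA512-CRYPT) clears both findings, and the passwd-file passdb accepts them unchanged because the scheme is read from the {SCHEME} prefix.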

The following are the files I had to change in Dovecot to configure authentication through the vusers.conf file and the socket that Postfix uses to authenticate the mail submission service.

10-auth.conf

auth_mechanisms = plain
!include auth-static.conf.ext

auth-static.conf.ext

passdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/vusers.conf
}

userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/%d/%n
}

10-mail.conf

mail_home = /var/mail/%d/%n
mail_location = maildir:/var/mail/%d/%n
mail_uid = 1002
mail_gid = 1003
mail_privileged_group = vmail

10-master.conf

Under “service auth”, configure the auth-userdb socket with user/group vmail and the socket for Postfix authentication with user/group postfix.

  unix_listener auth-userdb {
    #mode = 0666
    user = vmail
    group = vmail
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

15-lda.conf

lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes

And that’s all: we have a Postfix server using Dovecot authentication and the Dovecot LDA. Now you can install the sieve plugin for Dovecot and use it for mail filtering and vacation messages.

Proxmox two node cluster

Although a two-node cluster is not recommended for HA because of the split-brain problem (see Two-Node_High_Availability_Cluster in the Proxmox wiki for more information on this configuration), you can set one up in Proxmox for basic cluster usage. A two-node cluster needs a special cman configuration in order to maintain quorum when one node is not available.

To configure a two node cluster in proxmox, copy /etc/pve/cluster.conf to /etc/pve/cluster.conf.new and edit the new file changing the following line:

<cman keyfile="/var/lib/pve-cluster/corosync.authkey"/>

to:

<cman keyfile="/var/lib/pve-cluster/corosync.authkey" two_node="1" expected_votes="1"/>

Now, you can activate it through the proxmox web interface in datacenter -> HA, review the changes and activate them for the two nodes. Now you can restart one node without losing cluster quorum.

Files not showing up in cpanel file manager

When opening the file manager from cPanel, the files were not showing up under the public_html directory.
The issue in this case was caused by a wrong group set on the public_html directory. I had the directory owned by user:user and I had to change it to user:nobody. After changing the group to nobody the files showed up again.

UPDATE:

You should also check the cPanel error log (/usr/local/cpanel/logs/error_log). For another of my clients I checked the error log and found this message:

Out of memory!

It seems to be a cPanel bug, because the server had free memory and after restarting the cPanel service the error was gone.

snmpd[3916]: error on subcontainer ‘ia_addr’ insert (-1)

This message is flooding my syslog on each snmp query.

snmpd[3916]: error on subcontainer 'ia_addr' insert (-1)
snmpd[3916]: error on subcontainer 'ia_addr' insert (-1)
snmpd[3916]: error on subcontainer 'ia_addr' insert (-1)

To avoid it you have to change the log level of the services. In debian squeeze edit /etc/default/snmpd and change these lines:

SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'

to:

SNMPDOPTS='-LS6d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
TRAPDOPTS='-LS6d -p /var/run/snmptrapd.pid'

Accessing local directory content from wordpress

Sometimes you want to upload some files into a local directory inside your WordPress installation directory and link these files in your posts. To achieve this you have to modify the .htaccess file in your WordPress installation directory and put these directives before the WordPress directives. Assuming you want to store the files in a “files” directory:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/files/(.*)$
RewriteRule ^.*$ - [L]
</IfModule>

The final file content looks like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/files/(.*)$
RewriteRule ^.*$ - [L]
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Now you can link these files in your posts with www.yourdomain.com/files/myfile.txt